We use "vmsecure password someuser (byonly" It puts a special comment in the directory. Appropriate LOGONBY rules are then created.
Marcy "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of O'Brien, Dennis L Sent: Tuesday, March 03, 2009 6:39 PM To: [email protected] Subject: Re: [IBMVM] Using LBYONLY Richard Schuh wrote: >And with VM:Secure, you can accomplish the same effect by using the Rules Facility. With >the following rules, the actual password is immaterial: > > REJECT * LOGON > ACCEPT userx LOGONBY That doesn't work. The REJECT * LOGON rule takes precedence, and you don't even get a chance to enter your password for LOGONBY. Set the password to LBYONLY and create ACCEPT xxx LOGONBY rules for the userids you want to log on. That's all you need. If you don't have VM:Secure or another external security manager, then set the password to LBYONLY and add LOGONBY statements to the directory. Dennis O'Brien 39,556
